On 2/15/12 4:10 PM, Jeff Morriss wrote:
> Why not practical?
>
>> $ egrep -c "static .?int hf" epan/dissectors/* | sort -t : -n -k 2 |
>> tail -3
>> epan/dissectors/packet-nbap.c:3284
>> epan/dissectors/x11-declarations.h:7119
>> epan/dissectors/packet-rrc.c:8403
>
>
> (Admittedly those 3 are all generated dissectors, but I also imagine
> you're not dealing with *quite* that many fields...) But these
> dissectors are both manually generated:

The original H.323 dissector I wrote eons ago had hundreds if not
thousands of fields one could filter on. Every single element in the
ASN.1 specs (H.225, H.245) was generated into a proto_item. This was in
the Ethereal 0.4 (?) days... It had *thousands* of variables contained
in a couple of C++ structs (did you know there's a limited number of
member variables in a struct?).
So I wouldn't be afraid of adding lots and lots of filterable fields to
a dissector. The more the better.
--
Andreas Sikkema